Confidentiality Definition:
A. information disclosed only to those intended.
B. information cannot be modified without being detected.
C. ensure that communicating parties are who they say they are.
D. ensure that authenticated users are given access only to appropriate information.
E. ensure that you get the resources you want
A. information disclosed only to those intended.
Authentication Definition:
A. information disclosed only to those intended.
B. information cannot be modified without being detected.
C. ensure that communicating parties are who they say they are.
D. ensure that authenticated users are given access only to appropriate information.
E. ensure that you get the resources you want
C. ensure that communicating parties are who they say they are.
Integrity Definition:
A. information disclosed only to those intended.
B. information cannot be modified without being detected.
C. ensure that communicating parties are who they say they are.
D. ensure that authenticated users are given access only to appropriate information.
E. ensure that you get the resources you want
B. information cannot be modified without being detected.
Access Control Definition:
A. information disclosed only to those intended.
B. information cannot be modified without being detected.
C. ensure that communicating parties are who they say they are.
D. ensure that authenticated users are given access only to appropriate information.
E. ensure that you get the resources you want
D. ensure that authenticated users are given access only to appropriate information.
Availability Definition:
A. information disclosed only to those intended.
B. information cannot be modified without being detected.
C. ensure that communicating parties are who they say they are.
D. ensure that authenticated users are given access only to appropriate information.
E. ensure that you get the resources you want
E. ensure that you get the resources you want
Vulnerability Definition:
the web site relies on JavaScript to be executed on the client browser for access control
Exploit Definition:
An exploit is the act of exercising a vulnerability
Also used to refer to an actual program, binary or script that automates an attack
Attack Tree
A branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities
Cryptography algorithms
Secret key (e.g., AES), Public key (e.g., RSA), and Message digest (e.g., SHA-3)
Secret key
(e.g., AES)
Public Key
(e.g., RSA)
Message digest
(e.g., SHA-3)
Plaintext
original message
ciphertext
coded message
cipher
algorithm for transforming plaintext to ciphertext
key
info used in cipher
encipher (encrypt)
converting plaintext to ciphertext
decipher (decrypt)
recovering ciphertext from plaintext
cryptography
study of encryption principles/methods
cryptanalysis (codebreaking)
study of principles/ methods of deciphering ciphertext without knowing key
cryptology
field of both cryptography and cryptanalysis
Passive attack
This means that you eavesdrop on transmissions
You may accidentally release message contents - Outsider learns content of transmission
Traffic analysis
By monitoring frequency and length of messages, even encrypted, nature of communication may be guessed
Masquerade
Pretending to be a different entity
Replay Attack
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.
Modify messages Attack
Modifies Message for malicious reasons, possibly to gain trust of recipient or cause distrust between sender and recipient
The type of encryption operations used
substitution / transposition / product
The number of keys used
single-key or private / two-key or public
The way in which plaintext is processed
block / stream
Brute Force Search
It is always possible to simply try every key
DES
56
AES
128
Triple DES
168
AES
192
AES 2
256
Monoalphabetic
26 character permutation
ciphertext only
only know algorithm & ciphertext, is statistical, know or can identify plaintext
known plaintext
know/suspect plaintext & ciphertext
chosen plaintext
select plaintext and obtain ciphertext
chosen ciphertext
select ciphertext and obtain plaintext
unconditional security
no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
computational security
given limited computing resources the cipher cannot be broken
Symmetric Key Requirements
- a strong encryption algorithm Y = E_K(X)
- a secret key known only to sender / receiver X = D_K(Y)
- Must assume encryption algorithm is known
- But implies a secure channel to distribute key
Caesar Cipher
- 5x5 matrix of letters based on a keyword
- Fill in letters of keyword (without duplicates)
Polyalphabetic substitution ciphers
use multiple alphabets in the same message to hinder decryption efforts
ex- Vigenere cipher -> uses a single enc/dec chart and requires a key
Vigenère Cipher
a method of encrypting text by applying a series of Caesar ciphers based on the letters of a keyword.
Autokey Cipher
a key as long as the message
One-Time Pad
Unbreakable since ciphertext bears no statistical relationship to the plaintext
Transposition Ciphers
Hide the message by rearranging the letter order without altering the actual letters used
Rail Fence cipher
Write message letters out diagonally over a number of rows
Row Transposition Ciphers
Write letters of message out in rows over a specified number of columns
Then reorder the columns according to some key before reading off the rows
Substitution ciphers
Where letters of plaintext are replaced by other letters or by numbers or symbols
Transposition or permutation ciphers
- Hide the message by rearranging the letter order
- But you don't alter the actual letters used
Product Ciphers
A combination of transposition and/or substitution ciphers
Block Cipher
-Maximum number of encryption mappings
-2^n possible different plaintext blocks
-Each must produce a unique cipher block
-2^n! (factorial) different transformations
Claude Shannon
Substitution-Permutation Ciphers
Diffusion
Dissipates statistical structure of plaintext over bulk of ciphertext
Confusion
makes relationship between ciphertext and key as complex as possible
Problem with Block ciphers
-would need table of 2^64 entries for a 64-bit block (n x 2^n key size)
- Create security from smaller building blocks using idea of a product cipher
Actual Block Ciphers
May have invertible, non-invertible and self-invertible functions
Shift Box
moves inputs over by some n bits(may be circular)
Swap box
swaps two or more blocks of bits
Compression P-box
Not all inputs map to an output
Expansion P-Box:
Some inputs map to multiple outputs
Compression and Expansion P-Boxes are ____.
-not invertible
-Compression boxes lose information
-Cannot invert expansion box if two different outputs would map to the same input
-Used primarily in key generation
Feistel cipher
-Based on concept of invertible product cipher
-Has non-invertible parts!
-Encryption and decryption are inverses of each other (?)
Feistel Cipher Design Elements
-Block size
-Key size
- Number of rounds
- Subkey generation algorithm
- Round function
- Fast software en/decryption
- Ease of analysis
Data Encryption Standard (DES)
encrypts 64-bit data using 56-bit key (16 rounds)
Strong Avalanche in DES
A change of one input or key bit results in changing approximately half output bits
Strength of DES
key size, 56-bit keys have 2^56 = 7.2 x 10^16 values
DES Attacks
Statistical attacks
-differential cryptanalysis: compare related encryptions
-linear cryptanalysis: use linear approximations
There are also timing attacks
-They use the fact that calculations can take varying times depending on the value of the inputs to it
Differential cryptanalysis compares ____ related pairs of encryptions
two
AES Requirements
Private key symmetric block cipher
- 128-bit data, 128/192/256-bit keys
- Stronger & faster than Triple-DES
- Active life of 20-30 years (+ archival use)
- Provide full specification & design details
- Both C & Java implementations
- NIST have released all submissions & unclassified analyses
Modular arithmetic is when you do ____.
addition and multiplication and then modulo reduce answer
If commutative
Forms an abelian group
-Integers using addition and real numbers using multiplication form an infinite abelian group
Cyclic Group
Define exponentiation as repeated application of operator
A group is cyclic if every element is a power of some fixed element, i.e. b = a^k for some a and every b in the group
- a is said to be a generator of the group
DES key problems
-Theoretical attacks that can break it
-Demonstrated exhaustive key search attacks
"Meet-in-the-middle" attack
known (C,P) pairs
-Since X = E_K1(P) = D_K2(C)
-Attack by encrypting P with all keys and store
-Then decrypt C with all keys and match X value
Ring
A set of elements with two operations (typically called "addition" and "multiplication") that form:
-if multiplication operation is commutative, it forms a commutative ring
-if multiplication operation has an identity and no zero divisors, it forms an integral domain
-The set of all n-square matrices over real numbers forms a ring
A field is ____.
any set of elements that satisfies the field axioms for both addition and multiplication
Galois Fields
It can be shown that the number of elements in a finite field must be a power of a prime, p^n
Modulo reduction done by
repeatedly substituting highest power with remainder of irreducible poly (also shift & XOR)
Rijndael cipher
Data block of 4 columns of 4 bytes is state
- Key is expanded to array of words
- Has 9/11/13 rounds in which state undergoes:
- byte substitution (1 S-box used on every byte)
- shift rows (permute bytes between groups/columns)
- mix columns (subs using matrix multiply of groups)
- add round key (XOR state with key material)
- view as alternating XOR key & scramble data bytes
- Initial XOR key material & incomplete last round
-Fast XOR & table lookup implementation
Key Expansion Rationale
-Designed to resist known attacks
-Design criteria included
- knowing part key insufficient to find many more
- invertible transformation
- fast on wide range of CPUs
- use round constants to break symmetry
- diffuse key bits into round keys
- enough non-linearity to hinder analysis
- simplicity of description
AES decryption
AES decryption cipher is not identical to the encryption cipher
-The sequence of transformations differs although the form of the key schedules is the same
-Has the disadvantage that two separate software or firmware modules are needed for applications that require both encryption and decryption
(AES)Only _______ makes use of the key
Add round key.
-All other stages reversible without knowledge of key
-The other three stages add diffusion, confusion, and nonlinearity
Electronic Codebook (ECB)
-Message is broken into independent blocks which are encrypted
-Each block is a value which is substituted, like a codebook, hence name
-Each block is encoded independently of the other blocks
Limitations of ECB
Weakness is due to the encrypted message blocks being independent
Cipher Block Chaining (CBC)
Message is broken into blocks
-Linked together in encryption operation
-Each previous cipher block is chained with current plaintext block, hence name
Message Padding
At end of message must handle a possible last short block
Limitations of CBC
- A ciphertext block depends on all blocks before it
- Any change to a block affects all following ciphertext blocks
Cipher FeedBack (CFB)
Message is treated as a stream of bits
-Added to the output of the block cipher
- Essentially uses the block cipher as a pseudo-random number generator
-Result is fed back for next stage (hence name)
-Uses a b-bit shift register
Limitations of CFB
Limitation is need to stall while doing block encryption after every n bits
Errors may propagate for several blocks after the error
Output FeedBack (OFB)
-Message is treated as a stream of bits
-Output of cipher is added to message
-Output is then fed back
-Feedback is independent of message
Advantages and Limitations of OFB
-Bit errors do not propagate
-More vulnerable to message stream modification
-Sender and receiver must remain in sync
Counter (CTR)
-Similar to OFB but encrypts counter value rather than any feedback value
-You must have a different counter value for every plaintext block (never reused)
Advantages and Limitations of CTR
Efficiency
- can do parallel encryptions in h/w or s/w
- can preprocess in advance of need
- good for bursty high speed links
- Random access to encrypted data blocks
- Provable security (good as other modes)
- User must ensure that key/counter values are never reused
XTS-AES Mode for Block-Oriented Storage Devices
Standard describes a method of encryption for data stored in sector-based devices where the threat model includes possible access to stored data by the adversary
Tweakable Block Ciphers
General structure:
• Has three inputs: plaintext, symmetric key, and tweak
• Tweak need not be kept secret
• Purpose is to provide variability
Produces ciphertext